June 6, 2018 Journal article Open Access

Richard Rivera; Platon Kotzias; Avinash Sudhodanan; Juan Caballero

DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="URL">https://zenodo.org/record/1295566</identifier>
  <creators>
    <creator>
      <creatorName>Richard Rivera</creatorName>
      <affiliation>IMDEA Software Institute</affiliation>
    </creator>
    <creator>
      <creatorName>Platon Kotzias</creatorName>
      <affiliation>IMDEA Software Institute</affiliation>
    </creator>
    <creator>
      <creatorName>Avinash Sudhodanan</creatorName>
      <affiliation>IMDEA Software Institute</affiliation>
    </creator>
    <creator>
      <creatorName>Juan Caballero</creatorName>
      <affiliation>IMDEA Software Institute</affiliation>
    </creator>
  </creators>
  <titles>
    <title>Costly Freeware: A Systematic Analysis of Abuse in Download Portals</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2018</publicationYear>
  <dates>
    <date dateType="Issued">2018-06-06</date>
  </dates>
  <language>en</language>
  <resourceType resourceTypeGeneral="JournalArticle"/>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/1295566</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsIdenticalTo">10.1049/iet-ifs.2017.0585</relatedIdentifier>
    <relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://zenodo.org/communities/elastest</relatedIdentifier>
  </relatedIdentifiers>
  <rightsList>
    <rights rightsURI="https://creativecommons.org/licenses/by/4.0/legalcode">Creative Commons Attribution 4.0 International</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract">&lt;p&gt;Freeware is proprietary software that can be used free of charge. A popular vector for distributing freeware are download&lt;br&gt;
portals, i.e., websites that index, categorize, and host programs. Download portals can be abused to distribute potentially unwanted&lt;br&gt;
programs (PUP) and malware. The abuse can be due to PUP and malware authors uploading their ware, by benign freeware&lt;br&gt;
authors joining as affiliate publishers of PPI services and other affiliate programs, or by malicious download portal owners. In this&lt;br&gt;
work, we perform a systematic study of abuse in download portals. We build a platform to crawl download portals and apply it to&lt;br&gt;
download 191K Windows freeware installers from 20 download portals. We analyze the collected installers and execute them in a&lt;br&gt;
sandbox to monitor their installation. We measure an overall ratio of PUP and malware between 8% (conservative estimate) and&lt;br&gt;
26% (lax estimate). In 18 of the 20 download portals examined the amount of PUP and malware is below 9%. But, we also find&lt;br&gt;
two download portals exclusively used to distribute PPI downloaders. Finally, we detail different abusive behaviors that authors of&lt;br&gt;
undesirable programs use to distribute their programs through download portals.&lt;/p&gt;</description>
  </descriptions>
  <fundingReferences>
    <fundingReference>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/100010661</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/731535/">731535</awardNumber>
      <awardTitle>ElasTest: an elastic platform for testing complex distributed large software systems</awardTitle>
    </fundingReference>
  </fundingReferences>
</resource>